Secure dynamic hourglass protocol with applications to storage data

With the rise in the adoption of remote data storage services, the need to assure data service reliability in terms of data correctness and availability has steadily gained profound and outstanding interest. There has been sparked growth of interest in the pursuit of verifying the authenticity of remotely stored data at untrusted servers. This emanates mainly from a paradigm shift in the IT industry that has transformed the way businesses are done. With a myriad of advantages accruing from remote data storage and computing, there has been an attraction of many individuals and organizations prompting the movement of data from local to remote data sotres. This growth initiates the importance of developing efficient serurity mechanisms to protect these data. However, outsourcing data storage implies that a client relinquishes the ultimate control over the fate of their data. Risks accruing are due to, the existence of motivations for the service provider to misbehave in regards to a clients stored data e.g. reclaiming storage for monetary reasons by deleting data that is seldom accessed or hiding data loss to maintain reputation. Additionally, although infrastructure under the cloud is powerful and reliable, they are still facing a broad range of both internal and external threats. This implies that although outsourcing data is an economically attractive venture for long term and large scale data storage, it doesn't immediately offer any guarantees on data integrity and availability. This challenge needs to be properly addressed to ensure continued remote data storage success. Our work explores research done in this line of study that includes the Proofs of Data Prossession(PDP)scheme proposed by Ateniese et al. who provided an optimalprotocol design for static data. They formally defined the protocols for PDP which provided a probabilistic proof that a third party stored the file and introduced the first provably-secure and practical PDP scheme guaranteeing data possession. In subsequent research, they developed a dynamic PDP solution that required the client to pre-compute all the future challenges during setup and store the pre-computed metadata in an authenticated and encrypted manner. In this approach, the number of updates and challenges a client could perform was limited and fixed a priori. However, one was not able to perform block insertion as only data appends were possible. Each update required re-creating all the remaining challenges which proved problematic for large files. Additionally, this protocol did not support public verifiability. This is because only the client possessed the encryption keys. We have examined the work of Chris et al. who were the first to explore constructions for dynamic PDP by extending the original PDP model to store data files using rank-based authenticated skip lists. They provided a fully dynamic version of the PDP solution, especially supporting the insertion operation by eliminating the index information in the tag computation. The efficiency of their scheme however remained unclear. In contrast, Wang et al presented a fully dynamic PDP/PoR scheme that could be puclicly audited suitable for storage security in cloud computing specifically supporting the insertion operation that was missing in many PDP schemes. This scheme was extended to support scalable and efficient public auditing in cloud computing. An observable drawback in this scheme is that the insertion operation required the client to specify where the block was to be inserted. The results presented in this research is a direct extension and improvement of the design scheme provided by Marten et al. They tried to solve the problem in which a cloud storage provider could prove to a client that it was encrypting files at rest when the provider himself was holding the corresponding encryption keys. It aimed at demonstrating sound encryption policies and file confidetiality. A misbehaving provider could bypass the computation/management burdens of encryption and store the plaintext only. They proposed practical hourglass schemes to prove correct encryption of files at rest by imposing a resource constraint(i.e. time, storage or computation)for file processing from one domain to another. These schemes provided strong incentives for economically rational cloud providers against the storage of extra plaintext file copies. However the proposed hourglass models were designed to support data at rest and also did not support data dynamics which were deemed expensive because of the requirement to run the schemes. We specifically extend the permutation-based hourglass scheme by introducing the permutation-like hourglass scheme that does not depend on any cryptographic keys. Despite the amount of ongoing research in regards to storage and security of plain/raw data, not much has been seen on the storage and security of ensuring that a data store provider stores data in a particular desired format by the client. This emanates from the fact that some data is quite sensitive to be stored in its plain format such as data related to credit cards, health records et cetera that must be stoned in an encrypted format and be deemed to remain so. There is need to ensure that data is encrypted wherever its stored especially when the data storage provider is not trusted by the client. Our work addresses arising problems in regards to storage data by proposing a scheme that supports public verifibility and enable a Third Party Auditor (TPA) to carry out data auditing without demanding the the local copy of data. This drastically reduces the commucation and computation copy of data. This drastically reduces the communication and computation overhead as compared to straight forward data auditing approaches.The proposed approach ensures that the auditor learns no information about the data content stored on the server. Hence, privacy issues are dealt with. We achieve this through the use of aggregation and algebraic properties of signature schemes to further benefit our design proposal. Specifically in our research, we have aimed at; Constructing a PDP scheme and system that protects sensitive data by ensuring that data is stored in some desired format and public verifiability is offerd. Introducing a permutation-like hourglass scheme that supports dynamically changing data. This desired aspect is not achieved by its predecessor the permutation-based hourglass scheme. We have aimed at placing a security measure in ensuring that data is sotred in a given format. Supporting data dynamics and specifically data insertion, an aspect whith is openly missing in many earlier proposed schemes. Proving the security of our proposed scheme and justifying the performance through comparison with the state-of-art.

Osaka University

2-1 Yamadaoka, Suita, Osaka, Japan 565-0871,Graduate School of Engineering, Osaka University,Division of Electrical, Electronic and Information Engineering,Department of Information and Communications Technology,Cyber Security Engineering area, Building E3 9FTel : +81-6-6879-7714
If you have any comment or concern, let us know by email
web-admin17[at]crypto-cybersec.comm.eng.osaka-u.ac.jp